HTTP-01 challange pending forever

I am trying to transition to a HTTP-01 issued star domain certificate from a DNS-01 certificate for our companies website. We are using acme-tiny.

My Domain is:

I run:
openssl req -new -sha256 -key privkey.pem -subj “/” -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf “[SAN]\”) ) > domain.csr

acme-tiny --account-key ./account.key --csr ./domain.csr --acme-dir /web/challenges/ > ./signed_chain.crt

acme-tiny start a certification and gets a challange that we should serve at
using our nginx server. (Which we do, as you can validate).

It then gets stuck on verifying, acme-tiny requests the url

where it gets the response.
{“type”: “http-01”, “status”: “pending”, “uri”: “”, “token”
: “dLsrhLXw2soZBSKIwVxkBsjKxup9bcSCD0jCmse0afQ”}

It then retries over and over again, but the status keeps on being pending, for at least 8 hours.

We also have a number of other domains we also want in the certificate, for instance and If i put only thoughs in the request without, acme-tiny produces a certificate almost immediately. If i include also it hangs on indefinitely.

Am I doing something wrong. Is there some special procedure one should go through to switch from a DNS-01 cert to a HTTP-01 cert?

Hi @antialize

pending means: Your client doesn't send the "hey, server, the challenge is created, please check it" command to Letsencrypt.

So Letsencrypt waits that your client sends this command.

Why? I have no idea.

Is there an update of acme-tiny?

Or acme-tiny tries to do a local check, that local check doesn't work. So acme-tiny tries it again and again.

Is there an option to cancel such a local check?

PS: Checking your domain there is no real problem visible -

http works, /.well-known/acme-challenge works with a redirect www -> non-www.

Works something like


internal? A http status 404 - Not found is expected.

Hi Juergen. I used the acme-tiny from ubuntu 18.04 lts. I tried with the latest from git and everything just worked. Thanks.


Ah, thanks - so your older client had a bug, now it's fixed :+1:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.